Hot Legal Topics

Learn more about legal topics relevant to you & your business.

We often are asked about non-compete agreements - both from the business's side and from the employee's. As such, we're taking this opportunity to break them down a bit and explain when they're appropriate and enforceable, and when they're not. What is a “non-compete”? In its simplest terms, a non-compete agreement or clause (sometimes also referred to as a “restrictive covenant”) is a legal document wherein an employee agrees not to go to work for an organization's competitor for a set period of time in a certain geographical area after leaving the organization. Non-competes also prohibit the employee from revealing proprietary information or secrets to any other parties during or after employment. What is a “non-solicitation agreement”? Generally speaking, a non-solicitation agreement prevents a former employee from soliciting a certain limited universe of customers or employees of the employer for a period of time. The goals of a non-solicitation are generally more modest than those of a non-compete, and as such, the employer is not seeking to prevent the former employee from gainful employment. Rather, the employer is simply trying to protect its client and employee base from former employees who continue in the same line of business after leaving the employer. In other words, under a non-solicitation agreement, the former employee can still work, but just can’t take the employer’s clients or employees for a stated period of time. Are non-competes and non-solicitations enforceable in Colorado? Yes, but only in EXTREMELY limited situations. In August 2022, Colorado joined the national trend of limiting employer use of non-compete and non-solicit covenants. The new law further provides specific notice requirements and imposes penalties for an employer's non-compliance with the law. The key aspects of the new law are as follows: Non-Competes . Under the new law, Colorado prohibits the use of non-competes and non-solicits except when connected to (1) the sale of a business and (2) when dealing with "highly compensated" workers. A "highly compensated" worker means someone making more than $101,250 per year. This amount will be set annually by the Colorado Department of Labor. Keep in mind that the threshold pay amount must exist at both the time the non-compete is entered into and at the time the employer seeks to enforce the covenant. Non-Solicitations . As noted above, there are typically 2 types of non-solicitation agreements - those involving the solicitation of a company's employees and those involving a company's clients. While the new law doesn't set any specific limitations on the solicitation of employees, any non-solicitation targeting a company's clients will only be upheld against workers who earn 60% of the "highly compensated" threshold, which is currently $60,750. Confidentiality/Non-Disclosure . Fortunately, the new law doesn't invalidate reasonable confidentiality and non-disclosure agreements, is does clarify that the agreements must not prohibit the disclosure of: (1) information arising from the worker's general training, knowledge, skill, or experience, (ii) information that is readily ascertainable to the public; and (iii) information that the worker otherwise has a legal right to disclose. Notice Requirements . Perhaps the biggest change under the new law is are the specific notice requirements that must be afforded to prospective or current workers in order for a non-compete to be enforceable. For prospective workers, the terms of the non-compete must be provided before the worker accepts an offer of employment. For current workers, employers must provide the terms at least 14 days before the effective date of the restriction or change in the condition of employment. The required notice must be in "clear and conspicuous terms in the language in which the worker and employer communicate," and must be signed by the worker. Furthermore, the notice and signature must be on a document that is separate and apart from the document that contains the restrictions. In other words, employers must provide 2 separate documents in order for a non-compete to be enforceable: (1) the notice, and (2) the agreement. Enforcement and Penalties . Another major change in the law is the addition that any employer who enters into, presents to a worker, or attempts to enforce, any void and unenforceable covenant is liable for actual damages and a statutory penalty of $5,000 to the aggrieved worker. Violators will also be liable for attorneys' fees and costs. Actions against an employer may be brought by the aggrieved worker, the Attorney General, and/or the Colorado Division of Labor. Are there additional restrictions on non-compete and non-solicit agreements? Yes. Even if a non-compete or non-solicit may be enforceable, its scope and terms must be “reasonable.” Generally, whether a non-compete is “reasonable” will look to: the duration of the non-compete; the geographical scope; whether the scope of the non-compete is necessary to protect the employer’s interests; and whether the non-compete imposes hardship on the employee. Ultimately, “reasonableness” is determined on a case-by-case basis, as there is no general rule as to what is reasonable in any given context. How can a business enforce a non-compete? A court can award an employer the following remedies for violation of a valid non-compete in Colorado: injunctive relief (essentially a court-order precluding the employee from the competitive employment); damages (i.e., loss of profits), and costs & attorney’s fees. Generally speaking, injunctive relief is the most common method of enforcing a valid on-compete, as damages can be difficult to establish. In some cases, the competitor that hired the employee subject to the non-compete may also be found liable if they intentionally induced the employee to breach the non-compete. Prior to the recent law change, it was often commonplace for employers to include non-competes and non-solicits in contracts with the knowledge that they were unlikely to be enforced. The point of this was to act as a deterrent to workers going to work for competitors or starting their own competing business. Given the express penalties noted above, this practice will no longer be tolerated, and company's can find themselves on the wrong end of significant fines and damages. If you have a non-compete clause in your employment contracts, schedule a call with us today so that we can evaluate it and help you determine whether the non-compete would be enforceable, or if there’s something you can do to better protect your company. Additionally, if you intend to use non-competes, make sure you're providing separate notice to your workers to comply with the notice requirements.

You may have heard about the Colorado SecureSavings Program starting in 2020. After many delays, the Program is finally rolling out. So, if you have employees in the State of Colorado, you need to pay attention and understand if/when you need to comply! What is the Colorado Secure Savings Program? The Colorado SecureSavings Program mandates certain businesses to provide qualified retirement benefits to W2 employees. Who does the Colorado SecureSavings Program apply to? The Program applies to businesses registered to conduct business in Colorado: With five or more W2 employees who have worked for the business for at least 180 days; That have been in business at least two years; and That are not currently providing a qualified retirement benefit What employees count towards the Colorado SecureSavings Program requirements? Eligible employees include any worker who: Is at least 18 years old; Earns taxable wages; and Has been employed by a Colorado business for at least 180 days. How does the Colorado SecureSavings Program work? The program involves offering a payroll deducted IRA that will feature automatic enrollment and automatic escalation for participants. Because the state-mandated program was designed to close the coverage gap among employees who have access to a retirement plan and those who do not, most businesses in Colorado will be required to comply unless they offer a different qualified plan instead. Is the Colorado SecureSavings Program mandatory? Enrolling in the Colorado SecureSavings Program is not mandatory but providing a qualified plan of some sort is. Employers who don't want to participate in Colorado SecureSavings do have other options to satisfy the mandate. A qualified, employer-sponsored retirement plan includes a plan qualified under Internal Revenue Code sections 401(a) (including a 401(k) plan), qualified annuity plan under section 403(a), tax-sheltered annuity plan under section 403(b), Simplified Employee Pension plan under section 408(k), a SIMPLE IRA plan under section 408(p), or governmental deferred compensation plan under section 457(b). It does not include payroll deduction IRAs. What if an employer doesn’t comply? Employers in Colorado will want to stay on top of their Colorado SecureSavings registration deadlines, as penalties for non-compliance can add up quickly. Employers who do not comply with the mandate will be subject to a fine of up to $100 per employee per year who is eligible to participate in the program, up to $5,000 per calendar year. What can/should you do now? Check out the Colorado SecureSavings Program website and resources for more info. Check out the FAQs for Employers and for Employees/Savers , and make sure your employees understand what's coming. Set up your Colorado SecureSavings Employer Account per the following deadlines: Employers with 50 or more employees: March 15, 2023 Employers with 15 to 49 employees: May 15, 2023 Employers with 5 to 14 employees: June 30, 2023 If you already have a qualified plan, you'll need to Certify Your Exemption .

We get a lot of questions from businesses regarding whether they really need anything beyond commercial general liability insurance. So much so that we felt it was appropriate to dive a bit deeper into what exactly commercial general liability (“CGL”) insurance covers, and what it doesn’t. While it’s true that a business’s CGL insurance will likely cover the bulk of claims that a business will face, it doesn’t cover everything. What does CGL Insurance Cover? General liability insurance extends to a variety of claims arising from your business services and operations. Actions by you, your business partners, and employees are covered. If a third-party makes a claim against your business for injuries they sustained, or actions by you or your employees, your CGL policy should help cover costs for: Bodily injuries including medical costs, pain & suffering, lost wages, etc. Medical payments Replacement or repair of damage to property owned by the third-party (but not the business’s own property – that would be covered by commercial property insurance) Advertising injuries and reputational injuries, such as libel, slander, or copyright/trademark infringement Replacement or repair of damaged property Administrative costs associated with handling claims Legal fees to defend your business against the claim (including attorney’s fees and expert fees) Court costs Judgments or settlements What doesn’t CGL Insurance Cover? While CGL insurance covers a broad array of claims, it doesn’t cover everything. Here’s what CGL insurance doesn’t cover: Damage to your own property : You need to purchase commercial property insurance to protect your business’s own property against damage or theft. Professional negligence : Negligence in providing professional services or actions made on behalf of your business is covered by professional liability insurance or directors and officers insurance. If you’re an attorney, physician, engineer, accountant, or other similarly regulated profession, you’ll need professional liability insurance. Managerial negligence : Directors &Officers (“D&O”) insurance protects the personal assets of a business’s corporate decision-makers in the event they are personally sued by employees, vendors, competitors, investors, customers, or other parties, for actual or alleged wrongful acts in managing a company. Typically, these types of claims involve allegations of: Breach of fiduciary duty resulting in financial losses or bankruptcy Misrepresentation of company assets Misuse of company funds Fraud Failure to comply with workplace laws Theft of intellectual property and poaching of competitor’s customers Lack of corporate governance Auto claims : Injuries from the use or operation of a company vehicle are covered under a commercial auto insurance policy. Employee injuries : Employees who are hurt on the job are covered under a workers compensation policy. Product defects : If your business manufactures or sells products, you’ll want to make sure that you have product liability insurance to cover any manufacturing, design, and marketing defects. Lost business income : When businesses have to close shop or scale back operations due to an unexpected event (i.e., COVID-19), it can cause a significant loss in income. This is covered by business interruption insurance (which you can learn more about here ). We know that this is a lot of information to digest and seems like a lot to keep track of. However, it’s possible to combine general liability insurance and some of these coverages in a business owner’s policy (“BOP”). BOPs offer convenience, affordability, and simplicity. It’s important for you to understand the areas of potential liability that your business may face. With almost 20 years’ experience navigating business claims, Gilbertson Law Office can help you pinpoint those areas and make sure that you have the right insurance in place to protect your business. SCHEDULE YOUR INSURANCE REVIEW TODAY! If you have any questions or concerns regarding your insurance, contact Gilbertson Law Office today! Act now, and don’t wait to find out that your insurance doesn’t cover what you think it does!

A lot of times when I ask business owners what their succession plan or exit strategy is, I get a blank stare, a shrug of the shoulders, or an emphatic “I don’t have time to think about that!” for a response. Upon further investigation, I find that most business owners don’t know their options or where to start. Most business owners also don’t realize that it can take several years to properly posture a business for sale or transfer, regardless of what route is taken. When a business owner fails to adequately plan ahead for their exit, they are almost always leaving money on the table and creating unnecessary extra stress for themselves and those involved in the sale. Generally speaking, there are 8 general options for business owners looking to transfer out of an active role in their business: Transferring or selling the business to a family member; Selling to a key employee; Selling to a co-owner; Selling to an outside 3rd party; Maintaining ownership, but reducing role to a passive one; Selling to employees via an Employee Stock Ownership Plan; Sell via an Initial Public Offering (i.e., become a publicly traded entity); or Liquidate the assets of the business. I’d like to give a brief overview of the most common options I’ve seen small business owners choose. Each option has aspects to it that will dictate how things need to be set up and what can be done to make the transfer as seamless and profitable for the business owners as possible. Transfer or sale to family member In our experience, transferring a business to a family member is often the first thought that many business owners have. Keeping the business in the family often feels the “safest” and makes a lot of sense to many business owners. From a practical standpoint, you’re leaving the business that you’ve worked so hard to build with someone you know and trust, and who you believe will continue to run the business as you have for years. You’re also providing for the well-being of your family. On the potentially negative side, a sale or transfer to a family member is often not the most lucrative path for the business owner. Family members may not have the capital to pay cash for the business, which may require the business owner to self-finance the purchase over a number of years. For many families, there may some intra-familial political issues such as making sure you’re treating children/family members equally, and difficulties of the original owner actually stepping back to allow the family member to run the company. None of these issues are insurmountable, but they do need to be considered. Sale to a key employee In many instances, the sale of a business to a key employee is very similar to a sale to a family member, with similar risks and advantages. The mechanisms for a sale to a key employee are also quite similar to a family member sale. Sale to co-owner For businesses that have more than one owner, it will often make sense for an owner who is ready to leave the business to sell his interest to the other business owners. When this option is available, there can be some mechanisms put in place early on to make the sale fair and relatively straightforward when the time to exit comes (i.e., clear provisions in an agreement between the owners that explains how the company will be valued in the event of a sale of one owner’s interest). A sale to co-owners can help to ensure that the practices and mission of the company are largely maintained. However, as with a transfer or sale to a family member, a sale to a co-owner may not result in the highest potential payday for the exiting owner, and the sale price will most likely be paid out in installments over a period of time. Sale to an outside 3rd-Party In most cases, a sale to a 3rd party will result in the highest payout to an exiting business owner. Sale to a 3rd party can also provide the cleanest break for the exiting owner. While some exiting owners may elect to stay on as a hired consultant for the new owner for a period of time, that time is finite, and then the selling owner can walk away. While this type of sale may be the most lucrative, it’s also often the most complex and difficult for small businesses to pull off. Obviously, you first have to find an interested buyer, which can be difficult. There is also often a lot of back-and-forth negotiations regarding the terms of the sale. For most owners who have poured their heart and soul into their business, it can be a tough pill to swallow knowing that there’s no guarantee that any aspect of the company will stay the same, or that employees will still have jobs after the sale. Along those same lines, it can be extremely difficult for an owner to just walk away. In sum, there are a number of routes a business owner can take to exist their business, and there’s no uniformly “right” path for all business owners. Rather, each business owner needs to be aware of the options and evaluate what is important to him or her to make sure that the chosen exit path serves those interests. Making the decision to exit your business is not one that should be taken lightly or done in haste. Our mantra at Gilbertson Law Office is that “it’s never too early to start planning your exit.” If you haven’t given much thought to your exit strategy, and especially if you anticipate exiting your business in the next 5-10 years, it’s time to give us a call at 720.525.9275 or schedule a free consultation today ! If you have any specific questions or concerns about your exit plan or any other aspect of your business, don't hesitate to reach out.

Many businesses are so focused on finding good talent that they don’t realize that there are certain things that you can’t ask prospective employees. By now, most businesses are aware that they can’t ask questions about things such as marital status, religious beliefs and sexual orientation. But did you know that Colorado has joined the growing ranks of states that preclude businesses from asking about criminal backgrounds? What is the Chance to Compete Act? Colorado’s Chance to Compete Act (the “Act”) is commonly referred to as a “Ban-the-Box” law based on the common practice of including a box on employment applications to check if they’ve been convicted as a crime. The Act pertains to all “Criminal history,” and includes arrests, charges, pleas, or convictions for any misdemeanor or felony at the federal, state, or local level. Under the Act, an employer may not: State in any advertisement for a position that a person with a criminal history may not apply for the position: State on an application, written or electronic, that a person with a criminal history may not apply for the position; Inquire into, or require disclosure of, an applicant's criminal history on an initial written or electronic application; or Ask any questions concerning sealed criminal records under the Criminal Justice Records Act. Note, however, that the Act does allows an employer to obtain the publicly available criminal background report of an applicant at any time. What’s the reasoning behind the Act? The Act aims to reduce under-employment among ex-offenders. Specifically, the CO legislature found that: “Previous involvement with the criminal justice system often creates a significant barrier to employment in that applicants with criminal histories are less likely to be considered for an available job when that information is included on an initial job application.” The Act attempts to improve employment opportunities (and thereby decrease poverty, homelessness, and recidivism) by reducing the chance that employers will reject ex-offenders based solely on criminal history disclosed in the job application. When does the Act go into effect? As with many recent employment-related laws, it depends on the size of the business: September 1, 2019: Private employers with 11 or more employees September 1, 2021: ALL private employers, regardless of size Are there any exceptions to the Act? Yes, there are certain exceptions based on the industry and type of position. Specifically, the Act does not apply to a position being advertised if: Federal, state, or local law prohibits employing a person with a specific criminal history for the position; The position is designated by the employer to participate in a federal, state, or local program to encourage the employment of people with criminal histories; or The employer is required by federal, state, or local law to conduct a criminal history check for the position, regardless of whether it is for an employee or an independent contractor. For example, the following industries/businesses are required by CO law to run background checks on employees: Licensed Marijuana Facilities; Schools, including public, private, and charter; Home Care Agencies; and Child Care Facilities. So if my business isn’t in one of the listed exceptions, does that mean I can NEVER inquire about criminal histories? No. Once a conditional offer of employment has been made, you can request a criminal background check. You can also obtain a criminal background check on current employees. GLO strongly suggests that you include a background check policy in your employee manual, as well as have any employee that you conditionally offer employment to sign an authorization for you to obtain the criminal background check. Contact us today to help you craft an appropriate policy for your business. What are the penalties for non-compliance? Notably, the Act does not currently provide a private right of action by an aggrieved party. In other words, a rejected applicant cannot file a lawsuit against your business. That said, the Act does provide for administrative enforcement by CO’s Department of Labor (“DOL”). If an aggrieved applicant files a complaint with the DOL within one (1) year of the alleged violation, the DOL will investigate and issue penalties as follows: For the first violation, a warning and an order requiring compliance within 30 days For the second violation, an order requiring compliance within 30 days and a civil penalty up to $1,000 For the third or subsequent violation, an order requiring compliance within 30 days and a civil penalty up to $2,500 What should I do now? If you have 11 or more employees, and haven’t already done the items below, you’re behind and need to prioritize these steps! If you have less than 11 employees, you have a few months to get your policies in order, but we recommend just doing it now, so you don’t have to worry about it later. GLO recommends that all employers take the following actions: Review your job advertisements and applications for statements excluding applicants with a criminal history; Remove inquiries about criminal history from employment applications; Make sure that you have a written criminal background check policy – either as a standalone document or as part of your employee handbook; and Contact GLO to help you make sure that you are in compliance and avoid unnecessary penalties.

Even though things may be slowly starting to go back towards pre-COVID practices, one change that is likely here to stay is the ability to conduct business remotely. While this isn't true for every industry, there are likely certain aspects of every business that don't necessarily need to be done onsite. That said, allowing employees to work remotely also carries with it some legal risks and complications. One of the first things to keep in mind is to make sure you aren’t exposing your business to any wage and hour laws for remote employees. Employers with remote workers in multiple locations (whether states or local jurisdictions with differing laws) need to ensure they are paying employees in accordance with all applicable laws. This is especially true if your remote employees are nonexempt under the Fair Labor Standards Act (“FLSA”). An employee is "nonexempt"if they are not exempt from the overtime provisions of the FLSA and are therefore entitled to overtime pay for all hours worked beyond 40 in a workweek (as well as any state overtime provisions). Nonexempt employees may be paid on a salary, hourly or other basis. In order to avoid wage and hour issues for your remote nonexempt workers, GLO strongly suggests that you have an electronic timekeeping system for your employees to accurately record all hours worked, regardless of their location. We further urge you to implement a remote work policy that sets clear work hours, expressly prohibits off-the-clock work, and requires employees to obtain permission before working overtime. The policy should also include disciplinary actions in the event the employee fails to follow it. Keep in mind, however, that in the event your employees still cross the overtime threshold, you might still have to pay them overtime for those hours. So, whether you currently have employees working remotely, ask yourself the following preliminary questions: Does your company allow exempt and nonexempt employees the opportunity to work remotely? Does your company already have solid policies in place with respect to overtime, meal and rest breaks, and recording all hours worked? How do employees currently record hours worked, and will that technology work for remote workers? Does your company have the ability to audit whether non-exempt employees are working off the clock? Does your company currently advise employees that it is company policy to pay for all time worked, that all worked time must be reported, and that no manager has the authority to direct otherwise? Will employees be working remotely in a state or jurisdiction different than the traditional office? If so, are different overtime laws, leave laws, or minimum wage laws implicated? For example, the City and County of Denver has different a minimum wage requirement that is higher than the rest of the State of Colorado. That means that you would need to pay any minimum wage employees the rate required by Denver rather than your business' location. It may seem like more hassle than it's worth, but allowing employees to work remotely does have its benefits, including the ability to tap into a wider applicant pool to find someone that checks all the boxes you're looking for. You just have to lay out the ground rules up front and have a clear understanding of the expectations. Gilbertson Law Office can help you to craft the necessary policies and agreements to maximize the benefits of remote employees while limiting exposure to your business. If you currently have remote employees, or you're curious about what it could look like for your company, schedule a call now!

I am often asked what type of entity is appropriate for someone starting up a new business. Many times, this question comes from someone who is currently operating as a sole proprietor (if that’s you, contact us right now! ). Other times, it’s coming from someone who has heard of “partnerships,” “LLCs,” and “corporations,” but really doesn’t know what the difference is, or whether it even matters. In most cases, there is no “right” entity type for your business. That said: If you’re currently operating as a sole proprietor, you are undoubtedly leaving yourself open to more liability than you would be if you chose a different entity form . Now, I’m not trying to pick on or single out all you sole proprietors out there, but it’s really not all that difficult (or expensive) to protect your personal assets by creating a limited liability company. Seriously, if you’ve been putting it off – STOP! Let’s get you squared away and protected before things go sideways! The most flexible and most common entity type for new businesses is hands-down the limited liability company (aka LLC) because it offers a number of attractive advantages, including: Limited Liability: The members of the LLC and their personal assets (house, car, personal property, etc.), are protected from liability for the acts and debts of the LLC. However, liability protection will not extend to situations where: loans or debts are made with a personal guarantee, the owners fail to operate the LLC as a legitimate business apart from their personal affairs, an owner commits a criminal act, or an owner commits a tort (negligent or intentional act or omission) which injures another's person or property. Organizational Flexibility: LLC owners can choose whether they want the operations of the business to be flexible and informal like a general partnership or rigid with formal procedures like a corporation. LLCs are not required to adhere to corporate formalities such as annual shareholders meetings, formal board of directors meetings, and documentation of meeting minutes. That said, an annual meeting of the members and minutes are encouraged for every LLC in order to legitimize the separate nature of the entity. No Double Taxation: Assuming the owners of the LLC choose to be taxed as a partnership or sole proprietorship, profits are taxed at the member level only (via pass-through taxation) and avoid double taxation (unlike a corporation). LLCs by default are treated as pass-through entities, therefore, the entity itself is disregarded for tax purposes. Under the "check the box" regulations, an LLC can elect to be taxed as an S Corporation or a C Corporation, although this is typically a discussion to have with your accountant. Single or Multiple Members: An LLC can be a single member entity or a multiple member entity. There are no restrictions on the number of members permissible. Members can be individuals, partnerships, C Corporations, S Corporations, trusts, or other LLCs. Professional Image: Recognized as a legal business structure, an LLC can enhance the professional image of a business in the eyes of its investors, customers, and others in the marketplace. Regardless of your entity type, there are certain things that you need to do in order to make sure that you’re protecting your personal assets. Oftentimes, it’s not complicated, but the failure to check all of the boxes can mean subjecting your home and personal accounts to forfeiture in the event of a claim. Not sure whether you’re doing everything you need to? Contact us today , and we’ll help make sure you’re covered!

Over the past several months, many businesses have been forced to pivot their general operations from personal contact with customers to more remote and virtual contact. With that, your business’s website is more important now than ever before. How many of you go to a business’s website before deciding to do business with them? Whether it’s for personal services such as a dentist or hair salon, or for business services like a CPA or attorney, a website is often the opportunity for that business to make a good impression. Now, you’ve probably made sure that your website is clear and inviting to your customers, but have you made sure that it you’ve checked all the necessary boxes for your website and security practices to keep you out of legal hot water? Believe it or not, failure to adequately handle your website and information you obtain through it can get you sued. This week, we’re going to go over why it’s important that every business has a posted privacy & data security policy. Do I really need a privacy policy? Isn’t it just a bunch of unnecessary fine print? Yes, you need a privacy & data security policy, regardless of your industry. It is important that you properly inform your website visitors of your business’s privacy policy, including the type of information that will be gathered from the visitor, and for what purpose(s). In Colorado and many other states, there are laws that require businesses to maintain the privacy and security of consumer data – specifically with respect to “personal identifying information” (PII) and “personal information” (PI). PII includes social security numbers; personal identification numbers; passwords; pass codes; official state or government-issued driver’s license or identification card numbers; government passport numbers; biometric data; employer, student, or military identification numbers; and financial transaction devices, including financial account numbers. PI includes a Colorado resident’s first name or first initial and last name in combination with any of the following, when the data elements are not encrypted, redacted, or secured by any other method rendering the name or the element unreadable or unusable: Social Security number; Driver’s license number or identification card number; Student, military, or passport identification number; Medical information; Health insurance identification number; or Biometric data (e.g. fingerprints, iris recognition, retinal scans) used to authenticate an individual when they access an online account. PI also includes: A Colorado resident’s username or e-mail address, in combination with a password or security questions and answers, that would permit access to an online account; and A Colorado resident’s account number or credit or debit card number in combination with any required security code, access code, or password that would permit access to that account. If you maintain PII, in paper or electronic form, you are required to develop a written policy to ensure that the PII is destroyed or properly disposed of when it is no longer needed. What does my business need to do with PII and PI? Establish written policies governing the disposal of documents & records containing PII. You are required to implement and maintain reasonable security procedures and practices to protect PII, taking into account the nature and size of your business and the type of PII you collect. Specifically, you need to develop procedures and practices to: Help protect the personal identifying information from unauthorized access, use, modification, disclosure, or destruction; or Effectively eliminate the third party's ability to access the personal identifying information, notwithstanding the third party's physical possession of the personal identifying information. Provide notice of security breaches affecting PI, to Colorado residents within 30 days of the discovery of a security breach. Note: If the security breach impacts 500 or more Colorado residents, you must also notify the Colorado Attorney General, and if more than 1,000 residents are impacted, you must also notify the credit reporting agencies. For example, a security breach can occur when: An employee clicks on a link or opens an email attachment that contains malware; An employee provides their password or other sensitive information to an unauthorized person; Your entity is the victim of a ransomware attack (which is sometimes accompanied by malware that steals data); Unencrypted PI is sent through a payment system; A briefcase containing client files is stolen or misplaced; or A mobile device or data storage device containing personal information is stolen or misplaced. Aside from legal requirements, having a privacy policy and security practices in place help build trust with your clients. Knowing that you are going to keep their information secure (even if it’s just their name and email), will give them the confidence they need to come back to your site and do business with you. D  o you need help creating your privacy & data security policies? Contact us today and we’ll help make sure you’re covered!

Being a business owner can sometimes be a lonely and exhausting endeavor. Many of you may feel like you need to “do it all yourselves” in order for your businesses to succeed. Or, you may be of the opinion that, if nothing else, it’s “cheaper” for you to do it yourself. But is it? In almost every case, the answer is a resounding “no.” I’m guilty of it myself. I spent the first year of owning my own law firm trying to figure out how to do the bookkeeping. I felt like I really “needed to understand” how it all works in order to effectively run my firm. In pretty much every respect, Gilbertson Law Office has simple bookkeeping needs. So, it should have been a fairly easy task, right? WRONG! Let’s face it – I’m good with words, not numbers. I HATED every minute spent trying to reconcile my bank accounts with my Quickbooks account. For the life of me, I couldn’t wrap my head around how to get everything to line up perfectly. So, I did what many busy business owners do – I ignored this piece of my business in favor of doing what I enjoyed doing (and am actually qualified to do!). The result (aside from driving my accountant absolutely nuts at tax time) was that my books were a mess, I had no idea what my financials were, and when I finally broke down and hired a bookkeeper, they had a LOT of work to do to go back and clean things up. It would have been SO much easier and cheaper if I had just hired the help I needed from the get-go. Sound familiar? Eventually, just about every owner realizes that “it takes a village” to have a successful business. Today, I’m a HUGE proponent of having a trusted “Core Business Team” in place for myself and for my clients. While who comprises a business’s Core Business Team may vary from one business to another, every business should at least have the following (in no particular order): CPA/Bookkeeper Insurance Agent/Broker who truly understands your business Business Coach or Mentor that you can turn to for big picture guidance Attorney Each of these advisors can help alleviate your stress and allow you to focus on your actual business without you getting lost in the weeds along the way. The truth is that you have strengths and you have weaknesses. We all do. So why ram your head against the wall doing things you’re not good at or don’t like? Do you really want to spend your evenings reading through vendor contracts or trying to catch up on your bookkeeping? My guess is no! Whether you’re just starting out in your business or you’ve been at it a long time, I encourage you to take a look around you to see where you could use some qualified help. Chances are, there’s a hole somewhere to be filled or something that can be done to lighten your load. Life’s too short to spend it bogged down. If you need some recommendations for folks that may be able to help fill your Core Business Team, Gilbertson Law Office can help. We have assembled a terrific arsenal of trusted business partners that we’d love to put you in contact with.